From 44ae8c876606f78fff292b9b95b01490c0cc2639 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Sun, 17 Oct 2010 18:45:05 +0200
Subject: [PATCH] Check collation
---
 adminer/database.inc.php | 2 +-
 adminer/drivers/mssql.inc.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/adminer/database.inc.php b/adminer/database.inc.php
index eb9f6ac3..94615289 100644
--- a/adminer/database.inc.php
+++ b/adminer/database.inc.php
@@ -28,7 +28,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
 if (!$_POST["collation"]) {
 redirect(substr(ME, 0, -1));
 }
- query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE $_POST[collation]", substr(ME, 0, -1), lang('Database has been altered.')); //! SQL injection - quotes are not allowed in MS SQL 2005
+ query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . (eregi('^[a-z0-9_]+$', $_POST["collation"]) ? " COLLATE $_POST[collation]" : ""), substr(ME, 0, -1), lang('Database has been altered.')); //! SQL injection - quotes are not allowed in MS SQL 2005
 }
 }
diff --git a/adminer/drivers/mssql.inc.php b/adminer/drivers/mssql.inc.php
index 5d850a36..de3114bd 100644
--- a/adminer/drivers/mssql.inc.php
+++ b/adminer/drivers/mssql.inc.php
@@ -383,7 +383,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
 }
 function create_database($db, $collation) {
- return queries("CREATE DATABASE " . idf_escape($db) . ($collation ? " COLLATE $collation" : ""));
+ return queries("CREATE DATABASE " . idf_escape($db) . (eregi('^[a-z0-9_]+$', $collation) ? " COLLATE $collation" : ""));
 }
 function drop_databases($databases) {
@@ -391,7 +391,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
 }
 function rename_database($name, $collation) {
- if ($collation) {
+ if (eregi('^[a-z0-9_]+$', $collation)) {
 queries("ALTER DATABASE " . idf_escape(DB) . " COLLATE $collation");
 }
 queries("ALTER DATABASE " . idf_escape(DB) . " MODIFY NAME = " . idf_escape($name));
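Review bot: The allowlist check added to this `query_redirect(...)` call uses `eregi()`, a POSIX regex function that is not binary-safe and is deprecated as of PHP 5.3. The pattern may therefore be evaluated only up to an embedded NUL byte, while the full `$_POST["collation"]` string is still interpolated into the statement. The same call is added in `create_database()` and `rename_database()` in adminer/drivers/mssql.inc.php. Prefer the binary-safe PCRE form with an end anchor that does not accept a trailing newline, e.g. `preg_match('~^[a-z0-9_]+$~iD', $_POST["collation"])`. The trailing `//! SQL injection` marker still describes the unvalidated version and should be reworded or dropped once the check is trusted.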
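Review bot: A non-empty `$collation` that fails the pattern is silently discarded in `create_database()`, so the database is created with the server default collation and the caller gets the result of the plain CREATE. `rename_database()` in the next hunk skips its COLLATE statement the same way (its body continues past the hunk), and in adminer/database.inc.php a rejected value leaves a bare `ALTER DATABASE name` statement that the server will most likely refuse as incomplete. Failing explicitly would stop the user from assuming the collation was applied, e.g. `if ($collation != "" && !preg_match('~^[a-z0-9_]+$~iD', $collation)) { return false; }` ahead of the query, assuming callers treat a false return as an error.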